Service Accounts

In SPIRL, non-human actors are authenticated using service accounts. Just like users, they are assigned a role. Unlike users, they are identified using an asymmetric key pair. The private key should be kept in a secure location.

Any SPIRL user can create a service account. New service accounts are scoped to the role of the creator. That is, a user with the Operator role can create a service account with the same role, but cannot create a service account with escalated privileges (e.g. Administrator).

The user who created a service account is considered the service account "owner". Service account owners have the ability to update or delete the service account. See the Roles documentation for more information.

Service accounts cannot create new service accounts.